<< Back Home RU ru   Donate Donate

Apache + SSL self-signed certificate (quick HOWTO)

Generate self-signed certificate. Simple, but I often forget how to do it :) It is alse useful for quick fixup of Error code: sec_error_reused_issuer_and_serial, which appear when default apache sertificat is used on several servers under your control.

# openssl req -x509 -nodes -newkey rsa:2048 -keyout -out
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout -out

Answer some questions. The main is:

Common Name:

You will get .key and .crt in current directory. Place them to some directory that you defined for sertificate storage. Then update <VirtualHost MY.SITE.IP.ADDRESS:443> section with paths to them:

<VirtualHost MY.SITE.IP.ADDRESS:443>
SSLEngine on
SSLCertificateFile "/usr/local/etc/apache22/ssl/"
SSLCertificateKeyFile "/usr/local/etc/apache22/ssl/"

Note: For old versions each SSL-enabled site must have unique IP address or the certificate must include all domain names served by given IP. Newer versions are capable of keeping individual certificate for each virtual host.

See also:

Mail to (remove X)  
<< Back designed by Alter aka Alexander A. Telyatnikov powered by Apache+PHP under FBSD © 2002-2018